On Fri, 16 May 2003 at 03:58:23PM +0200, Torbjorn Pettersson wrote:
> The idea was that no one is ever going to use the root password
> unless the boxen in the serverroom are so broken that they will
> not get past fsck, and if you have physical access to the server
> room no root password in the world will protect your systems. You
> wouldn't want your only instance of your root password/passwords
> locked into a broken disk you are trying to salvage...

Have multiple copies on multiple shares on multiple systems. If you really are concerned about them all puking, print the ASCII armored version of the encrypted output. Putting a password in a sealed envelope (though a heavily used practice) is not the best solution.

Also, in the environment I work in, the system operator console area is in a separate area of the building from the systems. Just because an intruder has access to the console area does not mean he has access to the systems physically.

--
Phillip Hofmeister
Network Administrator/Systems Engineer
IP3 Inc.
http://www.ip3security.com

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import

--
Excuse #163: RPC_PMAP_FAILURE
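The message above recommends keeping several copies of the encrypted password file, including a printed ASCII-armored one. The following added example (not part of the original message) checks each copy's armor CRC-24 as defined in RFC 4880 and compares the copies with one another, without decrypting anything. The share names, the helper functions and the sample payload are constructed for illustration.

```python
import base64
import hashlib

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Build armor around constructed bytes; stands in for real gpg output."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{body}\n={check}\n-----END PGP MESSAGE-----\n"

def check_copy(text: str):
    """Return SHA-256 of the armored payload, or None if the copy is damaged."""
    lines = [line.strip() for line in text.strip().splitlines()]
    try:
        if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
            return None
        body = lines[lines.index("") + 1:-1]   # blank line ends the armor headers
        if not body[-1].startswith("="):       # no checksum line: cannot verify
            return None
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        stored = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except (ValueError, IndexError):
        return None
    return hashlib.sha256(payload).hexdigest() if crc24(payload) == stored else None

def audit(copies: dict) -> dict:
    """Map each copy's name to 'ok', 'damaged' or 'differs' (from the majority)."""
    digests = {name: check_copy(text) for name, text in copies.items()}
    good = [d for d in digests.values() if d]
    majority = max(set(good), key=good.count) if good else None
    return {n: "damaged" if d is None else "ok" if d == majority else "differs"
            for n, d in digests.items()}

# Constructed sample: placeholder bytes, not a real encrypted password file.
SAMPLE = armor(bytes(range(100)))
COPIES = {"share-a": SAMPLE, "share-b": SAMPLE,
          "retyped-printout": SAMPLE.replace("AAEC", "BAEC", 1)}

if __name__ == "__main__":
    print(audit(COPIES))
```

A copy that passes this check is intact at the armor layer only; a periodic test decryption on an offline machine is still the way to confirm the passphrase and contents.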